Legal claims defining the scope of protection, as filed with the USPTO.
1. A device for encrypting a message using a public key, the device comprising: a processor configured to: obtain at least one encryption exponent; generate a first ciphertext component and a plurality of second ciphertext components, wherein the first ciphertext component is generated by multiplying the message with at least one element of the public key to the power of an encryption exponent and wherein each of the plurality of second ciphertext components is generated by taking at least one further element of the public key to the power of an encryption exponent; generate a linearly homomorphic signature on the plurality of second ciphertext components with respect to a tag obtained from the first ciphertext component and at least part of the plurality of second ciphertext components; and generate an overall ciphertext comprising the ciphertext components, and the linearly homomorphic signature; and an interface configured to output the overall ciphertext.
2. A device for partially decrypting a ciphertext using a partial private key comprising a share of an entire private key, the ciphertext comprising a first ciphertext component, a plurality of second ciphertext components and a linearly homomorphic signature for a vector comprising the plurality of second ciphertext components, the device comprising: a processor configured to: verify that the linearly homomorphic signature is a valid signature for a vector comprising the plurality of second ciphertext components; obtain a partial decryption of the ciphertext using the partial private key; generate commitments to exponents of the partial private key; generate a proof that the commitments satisfy at least one predefined equality showing the correctness of the partial decryption; and generate a result comprising the partial decryption, the commitments and the proof; and an interface configured to output the result.
3. The device of claim 2 , the linearly homomorphic signature generated on the plurality of second ciphertext components with respect to a tag obtained from the first ciphertext component and at least part of the plurality of second ciphertext components.
4. A method for encrypting a message using a public key, the method comprising, at a device comprising a processor: obtaining at least one encryption exponent; generating a first ciphertext component and a plurality of second ciphertext components, wherein the first ciphertext component is generated by multiplying the message with at least one element of the public key to the power of an encryption exponent and wherein each of the plurality of second ciphertext components is generated by taking at least one further element of the public key to the power of an encryption exponent; generating a linearly homomorphic signature on the plurality of second ciphertext components with respect to a tag obtained from the first ciphertext component and at least part of the plurality of second ciphertext components; generating an overall ciphertext comprising the ciphertext components, and the linearly homomorphic signature; and outputting the overall ciphertext.
5. A method for partially decrypting a ciphertext using a partial private key comprising a share of an entire private key, the ciphertext comprising a first ciphertext component, a plurality of second ciphertext components and a linearly homomorphic signature for a vector comprising the plurality of second ciphertext components, the method comprising, at a device comprising a processor: verifying that the linearly homomorphic signature is a valid signature for a vector comprising the plurality of second ciphertext components; obtaining a partial decryption of the ciphertext using the partial private key; generating commitments to exponents of the partial private key; generating a proof that the commitments satisfy at least one predefined equality showing the correctness of the partial decryption; generating a result comprising the partial decryption, the commitments and the proof; and outputting the result.
6. The method of claim 5 , the linearly homomorphic signature generated on the plurality of second ciphertext components with respect to a tag obtained from the first ciphertext component and at least part of the plurality of second ciphertext components.
7. A non-transitory digital data support that stores instructions that, when executed by a processor, perform the method of claim 4 .
8. A non-transitory digital data support that stores instructions that, when executed by a processor, perform the method of claim 5 .
Unknown
April 17, 2018
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.